ExamGecko
Search Search Login
Home Home / Fortinet / NSE7_SDW-7.2

Fortinet NSE7_SDW-7.2 Practice Test - Questions Answers, Page 2

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Refer to the exhibit. Based on the output shown in the exhibit, which two criteria on the SD-WAN member configuration can be used to select an outgoing interface in an SD-WAN rule? (Choose two.)
Refer to the exhibit. Based on the exhibit, which two actions does FortiGate perform on sessions after a firewall policy change? (Choose two.)
Exhibit B -- Exhibit A shows the system interface with the static routes and exhibit B shows the firewall policies on the managed FortiGate. Based on the FortiGate configuration shown in the exhibits, what issue might you encounter when creating an SD-WAN zone for port1 and port2?
Refer to the exhibit. Which statement explains the output shown in the exhibit?
In which SD-WAN template field can you use a metadata variable?
What are two advantages of using an IPsec recommended template to configure an IPsec tunnel in a hub-and-spoke topology? (Choose two.)
Refer to the exhibit. The exhibit shows output of the command diagnose 3vg sdwan service collected on a FortiGate device. The administrator wants to know through which interface FortiGate will steer the traffic from local users on subnet 10.0.1.0/255.255.255.192 and with a destination of the business application Salesforce located on HO servers 10.0.0.1. Based on the exhibits, which two statements are correct? (Choose two.)
Refer to the exhibit. FortiGate has multiple dial-up VPN interfaces incoming on port1 that match only FIRST_VPN. Which two configuration changes must be made to both IPsec VPN interfaces to allow incoming connections to match all possible IPsec dial-up interfaces? (Choose two.)
Exhibit. The exhibit shows VPN event logs on FortiGate. In the output shown in the exhibit, which statement is true?
Exhibit. The exhibit shows the output of the command diagnose sys sdwan health-check status collected on a FortiGate device. Which two statements are correct about the health check status on this FortiGate device? (Choose two.)

Question 11

Report
Export
Collapse

Which two statements about SLA targets and SD-WAN rules are true? (Choose two.)

A.
When configuring an SD-WAN rule, you can select multiple SLA targets of the same performance SLA.
A.
When configuring an SD-WAN rule, you can select multiple SLA targets of the same performance SLA.
Answers
B.
SD-WAN rules use SLA targets to check if the preferred members meet the SLA requirements.
B.
SD-WAN rules use SLA targets to check if the preferred members meet the SLA requirements.
Answers
C.
SLA targets are used only by SD-WAN rules that are configured with Lowest Cost (SLA) or Maximize Bandwidth (SLA) as strategy.
C.
SLA targets are used only by SD-WAN rules that are configured with Lowest Cost (SLA) or Maximize Bandwidth (SLA) as strategy.
Answers
D.
Member metrics are measured only if an SLA target is configured.
D.
Member metrics are measured only if an SLA target is configured.
Answers
Suggested answer: B, D

Question 12

Report
Export
Collapse

Which two statements describe how IPsec phase 1 main mode id different from aggressive mode when performing IKE negotiation? (Choose two.)

A.
A peer ID is included in the first packet from the initiator, along with suggested security policies.
A.
A peer ID is included in the first packet from the initiator, along with suggested security policies.
Answers
B.
XAuth is enabled as an additional level of authentication, which requires a username and password.
B.
XAuth is enabled as an additional level of authentication, which requires a username and password.
Answers
C.
Three packets are exchanged between an initiator and a responder instead of six packets.
C.
Three packets are exchanged between an initiator and a responder instead of six packets.
Answers
D.
The use of Diffie Hellman keys is limited by the responder and needs initiator acceptance.
D.
The use of Diffie Hellman keys is limited by the responder and needs initiator acceptance.
Answers
Suggested answer: A, C

Question 13

Report
Export
Collapse

Which components make up the secure SD-WAN solution?

A.
Application, antivirus, and URL, and SSL inspection
A.
Application, antivirus, and URL, and SSL inspection
Answers
B.
Datacenter, branch offices, and public cloud
B.
Datacenter, branch offices, and public cloud
Answers
C.
FortiGate, FortiManager, FortiAnalyzer, and FortiDeploy
C.
FortiGate, FortiManager, FortiAnalyzer, and FortiDeploy
Answers
D.
Telephone, ISDN, and telecom network.
D.
Telephone, ISDN, and telecom network.
Answers
Suggested answer: C

Question 14

Report
Export
Collapse

Refer to the exhibit.

Based on the output shown in the exhibit, which two criteria on the SD-WAN member configuration can be used to select an outgoing interface in an SD-WAN rule? (Choose two.)

A.
Set priority 10.
A.
Set priority 10.
Answers
B.
Set cost 15.
B.
Set cost 15.
Answers
C.
Set load-balance-mode source-ip-ip-based.
C.
Set load-balance-mode source-ip-ip-based.
Answers
D.
Set source 100.64.1.1.
D.
Set source 100.64.1.1.
Answers
Suggested answer: A, B

Question 15

Report
Export
Collapse

What are two reasons why FortiGate would be unable to complete the zero-touch provisioning process? (Choose two.)

A.
The FortiGate cloud key has not been added to the FortiGate cloud portal.
A.
The FortiGate cloud key has not been added to the FortiGate cloud portal.
Answers
B.
FortiDeploy has connected with FortiGate and provided the initial configuration to contact FortiManager
B.
FortiDeploy has connected with FortiGate and provided the initial configuration to contact FortiManager
Answers
C.
The zero-touch provisioning process has completed internally, behind FortiGate.
C.
The zero-touch provisioning process has completed internally, behind FortiGate.
Answers
D.
FortiGate has obtained a configuration from the platform template in FortiGate cloud.
D.
FortiGate has obtained a configuration from the platform template in FortiGate cloud.
Answers
E.
A factory reset performed on FortiGate.
E.
A factory reset performed on FortiGate.
Answers
Suggested answer: A, C

Question 16

Report
Export
Collapse

Which two statements describe how IPsec phase 1 main mode is different from aggressive mode when performing IKE negotiation? (Choose two )

A.
A peer ID is included in the first packet from the initiator, along with suggested security policies.
A.
A peer ID is included in the first packet from the initiator, along with suggested security policies.
Answers
B.
XAuth is enabled as an additional level of authentication, which requires a username and password.
B.
XAuth is enabled as an additional level of authentication, which requires a username and password.
Answers
C.
A total of six packets are exchanged between an initiator and a responder instead of three packets.
C.
A total of six packets are exchanged between an initiator and a responder instead of three packets.
Answers
D.
The use of Diffie Hellman keys is limited by the responder and needs initiator acceptance.
D.
The use of Diffie Hellman keys is limited by the responder and needs initiator acceptance.
Answers
Suggested answer: B, C

Question 17

Report
Export
Collapse

Refer to the exhibit.

Based on the exhibit, which action does FortiGate take?

A.
FortiGate bounces port5 after it detects all SD-WAN members as dead.
A.
FortiGate bounces port5 after it detects all SD-WAN members as dead.
Answers
B.
FortiGate fails over to the secondary device after it detects all SD-WAN members as dead.
B.
FortiGate fails over to the secondary device after it detects all SD-WAN members as dead.
Answers
C.
FortiGate brings up port5 after it detects all SD-WAN members as alive.
C.
FortiGate brings up port5 after it detects all SD-WAN members as alive.
Answers
D.
FortiGate brings down port5 after it detects all SD-WAN members as dead.
D.
FortiGate brings down port5 after it detects all SD-WAN members as dead.
Answers
Suggested answer: A

Question 18

Report
Export
Collapse

What are two benefits of choosing packet duplication over FEC for data loss correction on noisy links? (Choose two.)

A.
Packet duplication can leverage multiple IPsec overlays for sending additional data.
A.
Packet duplication can leverage multiple IPsec overlays for sending additional data.
Answers
B.
Packet duplication does not require a route to the destination.
B.
Packet duplication does not require a route to the destination.
Answers
C.
Packet duplication supports hardware offloading.
C.
Packet duplication supports hardware offloading.
Answers
D.
Packet duplication uses smaller parity packets which results in less bandwidth consumption.
D.
Packet duplication uses smaller parity packets which results in less bandwidth consumption.
Answers
Suggested answer: A, C

Question 19

Report
Export
Collapse

Refer to the exhibit.

The exhibit shows the SD-WAN rule status and configuration.

Based on the exhibit, which change in the measured packet loss will make T_INET_1_0 the new preferred member?

A.
When all three members have the same packet loss.
A.
When all three members have the same packet loss.
Answers
B.
When T_INET_0_0 has 4% packet loss.
B.
When T_INET_0_0 has 4% packet loss.
Answers
C.
When T_INET_0_0 has 12% packet loss.
C.
When T_INET_0_0 has 12% packet loss.
Answers
D.
When T_INET_1_0 has 4% packet loss.
D.
When T_INET_1_0 has 4% packet loss.
Answers
Suggested answer: D

Question 20

Report
Export
Collapse

What are two benefits of using the Internet service database (ISDB) in an SD-WAN rule? (Choose two.)

A.
The ISDB is dynamically updated and reduces administrative overhead.
A.
The ISDB is dynamically updated and reduces administrative overhead.
Answers
B.
The ISDB requires application control to maintain signatures and perform load balancing.
B.
The ISDB requires application control to maintain signatures and perform load balancing.
Answers
C.
The ISDB applies rules to traffic from specific sources, based on application type.
C.
The ISDB applies rules to traffic from specific sources, based on application type.
Answers
D.
The ISDB contains the IP addresses and port ranges of well-known internet services.
D.
The ISDB contains the IP addresses and port ranges of well-known internet services.
Answers
Suggested answer: A, D
Total 97 questions
Go to page: of 10
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms